Ultimate Guide to SSL Certificates

by | Apr 4, 2019 | Site Security

An SSL certificate is not a choice – it’s a necessity.

You’re keeping your user’s data secure.

You’ll get the “https” secure symbol in browsers.

Better yet – Google will reward your site with better search rankings.

guide to SSL

Online security is something that we are all hyper-aware of this day and age. In the old days of the internet, you didn’t have to worry too much about viruses and malware. Nowadays it seems like something is lurking in every corner of the web.

Fortunately, while hackers are trying to steal our data, there are plenty of methods that we can use to prevent that from happening.

One of the most effective and widely used methods is to use SSL certificates. Today we’re going to dive deep into the world of online encryption and see how it is keeping the internet safe, particularly when sensitive information is being transferred.

We will also do a SSL certificate comparison to help you find the best SSL certificate and SSL certificate provider for you.

What is an SSL Certificate?

The term SSL is an acronym that stands for secure socket layer. What this means is that your data is broken down into various pieces, or sockets, so as to prevent it from being intercepted by a third party, such as a hacker.

The way it works is that it’s a two-step process. First, the information is encrypted by being socketed, and then the website that you are communicating with is verified to be the real deal.

For example, if you’re purchasing something from an online store, an SSL certificate is a way to make sure that the site has been verified and that it’s not a dummy page set up by a hacker.

 

Why Buy SSL Certificate?

Technically speaking, any website that wants to make sure that it’s safe needs to utilize SSL encryption.

This will ensure that the pages don’t get infected or spiked by a hacker, which will then put anyone who visits the site at risk.

There are several different types of certificates that websites can get (which we’ll get into in a little bit), which means that not all pages will be encrypted the same way.

For example, someone running a blog may choose a simplified version since they are not dealing with any sensitive information, but any kind of online store should have advanced encryption to ensure that customer data is not breached.

 

Benefits of Using SSL Certificates

If you are a website manager, there are quite a few reasons that you should purchase and employ SSL certificates. Beyond the obvious benefit of keeping you and your visitors safe, SSL can offer these advantages as well.

  • Keeps it Professional: a key distinction between an amateur page and a professional one is the existence of a certificate. So, if you want to be taken seriously as a business or online brand, then you need to step up.
  • Reduces Bounce Rate: once people realize that your site is unsafe, they will leave as quickly as possible. So, to keep your audience engaged, you have to make sure that they have a pleasant experience.
  • Prevents Flagging: if your site does get hacked because you don’t have an SSL certificate, then search engines may list you as unsafe, and antivirus programs may prohibit users from visiting your page altogether. When trying to build an online presence, this can be a huge roadblock for you.
  • Offers Trust: even if customers are not familiar with your brand, seeing that the page has high levels of encryption shows them that you are safe and can be trusted with sensitive information.
  • Improves Ranking: your spot on a search engine can make or break your online presence, and having higher levels of security will help you get higher on search results so that you can outpace the competition.

 

SSL Certificate Types

As we mentioned, there are several different varieties of SSL certificates, with each one defined by a set of parameters that you have to meet.

While all certificates offer a layer of protection to your site, only certain ones (such as EV SSL) can ensure that all data is encrypted and inaccessible to hackers. Here are the most common types of certificates that you can find.

 

Domain Validation SSL

If you are running a low-level site (such as a blog) and don’t handle any sensitive information, then DV SSL might be a great option. It’s relatively cheap and easy to find, but it doesn’t offer as much protection.

The reason that this certificate is one of the least secure is that it doesn’t require any validation from the SSL provider. This means that you, as the site owner, don’t have to verify all of your business details before getting a certificate.

This is also why they are so easy to get since it’s a much more simplified approval process.

 

Organization Validation SSL

The next step above DV SSL is organization validation. To get this kind of certificate you have to provide verifiable details about your physical business, such as address and phone number.

This type of certificate is ideal for organizations that have a brick and mortar location as well as a site. However, it’s still not recommended for dealing with sensitive information such as credit cards.

 

Extended Validation SSL

This is the highest level of security you can have, and it’s necessary for any online business that deals with transactions aka “e-commerce”. So, if you run an online store or banking system, you need EV SSL. This type of certificate requires rigorous evaluation by the authority who provides it to you.

Only once you pass all verification procedures can you get approval. The other bonus of obtaining EV SSL status is that your site will be listed with a green lock symbol in the address bar.

This shows visitors that your site is as secure and protected as possible. In the end, this is the best SSL certificate you can buy.

 

Wildcard SSL

For the most part, websites don’t have the same level of encryption for each page. This is because it can be expensive and time-consuming to do so.

However, a simple way to get around this is to get a Wildcard SSL certificate, which allows you to encrypt all subdomains from your base site.

For example, if your standard domain is www.mysite.com, then you can get a Wildcard certificate to cover all subdomains, such as blog.mysite.com, mail.mysite.com, and so forth. Usually, you only have to provide verification that these subdomains are part of your overall website, but in some instances, you may have to create separate IP addresses to get approval.

Overall, the ones who need Wildcard SSL are those who manage a lot of subdomains and want to keep everything as simple as possible.

 

How Can You Get an SSL Certificate?

First of all, SSL certificates are only given by certain providers, so you have to find one before you can get started. We’ll go over the list of the top vendors and where you can find them later

But it’s important to know that you can’t get a certificate from just anywhere.

Typically speaking, the certificate authority requires three levels of information from the website requesting SSL encryption. Depending on the type of certificate you get, though, you may have to provide more or less information to be verified.

 

IP Address

For security purposes, only one certificate can be generated for a single IP address. Again, Wildcard SSL can cover subdomains too, but you still have to have a verifiable IP for the primary domain. If you don’t own the domain, then you cannot get a certificate for it.

 

Certificate and Signing Request (CSR)

This is a generic term for an encrypted form that can contain sensitive information. CSRs are used for various purposes including applying for an SSL certificate. The amount of information that you provide will depend on both the authority and the type of certificate you want.

The most common data includes a physical address, business names, locality, and country of origin.

In many cases, the certificate authority (CA) will have a CSR form that you can fill out, but sometimes you may have to generate one yourself. Overall, as long as the information listed is accurate and verifiable, then you shouldn’t have any problems with getting approved.

 

WHOIS Record

If you’re not familiar with this term, WHOIS data refers to the information that is listed for the owner of a given domain. When you purchase the domain, you have to provide data such as name and contact details so that anyone trying to find the owner of the site can do so quickly and easily.

When applying for an SSL certificate, the CA will cross check the data on your CSR form with the WHOIS record to make sure that they match.

If for some reason, they do not match, then you have to adjust the WHOIS data to reflect the current information listed on your CSR form. Otherwise, you won’t be approved.

 

What is LetsEncrypt?

Typically speaking, when you get an SSL certificate, all correspondence is done manually between you and the provider. However, LetsEncrypt is an automated service that does all of this for you without any human intervention.

The whole process is a bit technical, but the benefit of using this kind of system is that it can make everything run much smoother, and it still provides all of the verification and authentication without any issues.

Since the program only works if the site is verified, neither the SSL provider nor the requester has to worry about the system allowing for mistakes or holes in security.

 

Who Provides SSL Certificates?

There are quite a few CAs out there from which you can buy a certificate, and some are more well known than others.You must make sure they are legitimate authorities so that your certificate will be valid and operational.

Two of the biggest authorities out there are Comodo SSL and Verisign, so feel free to check them out if you are looking to get certified.

There is another way that you buy SSL certificates, and that’s to go through your hosting company. Most web hosts offer SSL as a service option, meaning that they handle all of the paperwork and ensure that everything runs smoothly. They are effectively the middleman between you and the issuing authority.

But why would you go through your hosting service? Well, the primary benefit of doing things that way is because your web host has all of the information that you need to verify your website.

WHOIS data, IP address, and other particulars can be provided and verified through the host, making the whole process simpler. In many cases, web hosts offer this service either for free or at a small price, so it can be well worth the convenience in the end.

 

SSL Certificate Providers

To help you get started on buying an SSL certificate, here is a list of the top eight certificate authorities online. Each one can give you the type of SSL protection that you need, and are all highly rated for safety.

 

Comodo SSL

This CA is ranked as number one in the world, so it’s a fantastic place to get your certificate. What makes this company so effective is that they offer 256-bit encryption and they are trusted by all browsers.

Not only that, but Comodo SSL  offers plenty of technical support and a warranty of $250,000 if your site is hacked. The annual price for an EV SSL certificate is $249.

 

IdenTrust

This authority is well known among many banking websites, so you know that it’s an excellent choice. Here you still get 256-bit encryption and plenty of support.

IdenTrust also uses an advanced algorithm to provide an extra boost of security. Best of all, the prices are much more reasonable, with most certificates costing around $100 to $150 for a year.

 

Symantec

Although the price points for this provider are much higher than something like IdenTrust, you get incredible protection, as well as an exemplary warranty.

Most EV SSL certificates are insured for up to $1.5 million, but they can cost over $1,000 per year. As with the others, Symantec offers 256-bit encryption.

 

GoDaddy

Most people are aware of this Godaddy, but usually, it’s because they want to get a domain or host a website. However, this internet powerhouse also provides SSL certificates, and they are much more affordable than the competition. Prices range from $69 to $300.

 

GlobalSign

If you want some extra protection for your website without having to pay exorbitant prices, GlobalSign is a great option. It offers 2048-bit future proof encryption, as well as programs that detect phishing. Best of all, you can sign up for a single domain at just $249 per year.

 

Digicert

Digicert is another CA that offers 2048-bit encryption, which means that it’s perfect for any online business transactions. While this provider is not as well-known as some of the others, they are worth checking out. Prices vary from $175 to $595 annually for Digicert certificates. They also provide an unlimited server license with their certificates.

 

Certum

If you are on a budget and you don’t need high levels of encryption, then this could be a great CA to choose. Although it only offers 128-bit certificates, that is more than enough for sites that don’t deal with sensitive data. Also, the prices are much more affordable, ranging from $23 to $299 per year.

 

Entrust

This CA offers 2048-bit encryption as well as relatively affordable prices. This makes it an excellent option for any online businesses that want extra protection without having to pay a lot more. Prices range between $180 and $575 a year, with EV SSL being on the lower end of the spectrum.

 

Geotrust

Geotrust offers both SSL certificates that enable 256-bit encryption. They also offer code signing which is is the method of using a certificate-based digital signature to sign executables and scripts in order to verify the author’s identity and ensure that the code has not been changed or corrupted since it was signed by the author, which obviously offers an extra level of security. The SSL certificates offered by Geotrust range from $149 up to $745.

 

Rapid SSL

Rapid SSL is a subsidiary of Geotrust, and is definitely a more budget friendly option compared to it’s parent company. They have two options their RapidSSL certificates which promise to “Secure a single domain with strong encryption.” for $59. The other option is RapidSSL wildcard certificates which “Secure unlimited subdomains with strong encryption.” for $249. They offer a $10,000 warranty and offer up to 256-bit encryption as well. Another interesting feature to this site is that it allows you to easily compare it’s offering with some of the other leaders such as Godaddy, Globalsign, and Comodo SSL here.

 

Thawte

Similarly to Geotrust Thawte offers both SSL certificates and code signing as well. Their options range from $149-$299 per year however they also offer options to add wildcard SSL for an extra charge. Their SSL123 option starts at $149, but goes up to $745 if you choose to add the wildcard option. Their SSL web server starts at $199, and it increases to $599 with the wildcard SSL added. They offer up to 256-bit encryption and a 30 day money back guarantee. Also their warranties offered range from $500,000-$1,500,000.

 

Network Solutions

Network solutions is a site that offers pretty much everything you need when creating a site, obviously including SSL Certificates. This provider has 5 options ranging from $59.99 with a 2 year term up to $579 with a 2 year term. They offer “guarantees” ranging from $10,000 all the way up to $1,000,000.

 

Other Considerations Regarding SSL Certificates

While it’s imperative that you understand the basics of SSL and how it all comes together. This being the “ultimate guide,” we have to provide you with some additional information that can be helpful when looking into SSL and how it can work for your website. So, with that in mind, here are some other things to think about when encrypting your data.

 

Slower Load Speed

You may have noticed that when you go to the checkout section of a website that it takes a little longer for it to load than the rest of the pages. That’s because the encryption takes a second or two to take effect. What essentially happens is that the page with the certificate does a “handshake” with the visiting user’s computer.

This ensures that the connection is stable and secure, and won’t allow for any third party people to snoop in and retrieve sensitive data.

 

Certificate Expiration

As we mentioned in our list of providers, prices for SSL certificates are listed annually. This means that any site that is certified has to pay every year to keep everything updated and current. What that also means is that if you visit a site that has an expired certificate, it’s not as safe.

Usually, your browser or antivirus software will tell you if this is the case, and it’s up to you to decide if you want to proceed. For our money, we wouldn’t under any circumstances.

 

Green Lock Data

As we mentioned above, sites that have SSL protection will have a green lock in the address bar. The site will also be listed as an https rather than a standard HTTP. What you should also know is that clicking on the green lock shows all of the public information.

This information is about both the company who owns the website as well as the certificate authority. This is yet another way for visitors to verify the safety of any page that they visit. So, if a site does not have a lock, then you should watch out.

 

Certificate Installation

One important thing to remember when applying for a certificate is that you have to install it onto your website. This is another reason that people like to go through their web host, as the host will usually offer to do this for you.

Also, if you have a site that’s on a shared web server, you won’t have direct access to it anyway. This is important to keep in mind so that you don’t accidentally pay for something that you can’t even use.

 

HTTP Phase Out

This may or may not happen at all, but there is a growing idea that all online activity should be secured through SSL. This means that sites that don’t have certification will be removed from search engines or phased out altogether.

The thinking behind this is that by requiring certificates for all sites it will make the internet a much safer place overall, but the fact is that it can be hard to implement such an overarching strategy, particularly when considering the broad scope of the internet.

As it stands, local laws and regulations stipulate which kinds of sites are required to have SSL certificates. Right now, only those that are classified as a listing site, or any pages that don’t deal with customer information do not need SSL encryption.

One of the biggest issues with requiring such protection is that it can cost a lot of money. Paying several hundred dollars a year can be prohibitive for some sites, especially if they have to manage multiple domains or IP addresses.

Perhaps if the cost went down, it would be easier to phase out all non-secure sites, but it’ll be interesting to see how that all comes together.

 

Conclusion

As you can see, there is a lot of stuff to consider when looking at SSL certificates. Overall, it’s everyone’s responsibility to make sure that the internet is a safe place. This means that if you do host a website, you should get it encrypted as soon as possible.

Thankfully, the current prevalence of SSL certificates, along with the easy method of spotting a safe site, means that most people can be online without any risk of getting infected with some kind of malware.

Usually, the problem occurs when visiting a non-secure site or downloading something from an unsecured source. As such, there is no real reason that you should feel unsafe when surfing the web.

Hopefully, this guide answered all of your questions regarding SSL certificates, and we hope it helped you find the best SSL certificate provider for you.